Japanese patent publication (A)
Publication number: 2002-312316 (P2002-312316A)
(43) Publication date: 2002.10.25
Int.Cl.7: G06F 15/00, 13/00; G09C 1/00; H04L 9/32, 12/22
Application number: 2001-114891 (P2001-114891)
(22) Filing date: 2001.4.13

CLAIMS



[Claim(s)] 

[Claim 1] An unlawful access arrester characterized by having: a decision means which judges, about a terminal connected on a network, whether user authentication required to access the network or the system on the network has been established; and a control means which controls so as to intercept access from the outside to the terminal when the decision means judges that the user authentication has been established.

[Claim 2] An unlawful access arrester applied to a terminal equipped with the function to receive user authentication required to access a network or the system on the network, characterized by having: a decision means which judges, when an access request has been sent to the terminal from the exterior through the network, whether the user authentication is established about the terminal; and a control means which controls so as not to output the response to the access request when the decision means judges that the user authentication is established.

[Claim 3] The unlawful access arrester according to claim 2, characterized in that the control means controls so as not to output the response to the access request when, while the user authentication is established about the terminal, the access request has been sent to the terminal through the network from an exterior other than the system to which access was permitted by the user authentication.

[Claim 4] An unlawful access arrester applied to a junction device on a network, the junction device being equipped with the function which refers to path information based on a destination address, judges the following node to transmit to, and carries out data transfer, characterized by having: a decision means which judges, about a terminal equipped with the function to receive user authentication required to access the network or the system on the network, whether the user authentication was established; and a control means which, when the decision means judges that the user authentication was established, saves (evacuates) the path information and replaces it with 2nd path information which intercepts the path whose destination is the terminal for which the user authentication was established, and which, when the decision means judges that the user authentication was canceled, controls so as to return the 2nd path information to the original path information that was saved.

[Claim 5] The unlawful access arrester according to claim 4, characterized in that the 2nd path information is path information for intercepting the path whose destination is the terminal from an exterior other than the system to which access was permitted by the user authentication.

[Claim 6] An unlawful access prevention approach characterized by having: a 1st step which judges, when an access request has been sent from the exterior through a network to a terminal equipped with the function to receive user authentication required to access the network or the system on the network, whether the user authentication is established about the terminal; and a 2nd step which controls so as not to output the response to the access request when it is judged that the user authentication is established about the terminal.

[Claim 7] The unlawful access prevention approach according to claim 6, characterized in that the 2nd step controls so as not to output the response to the access request when, while the user authentication is established about the terminal, the access request has been sent to the terminal through the network from an exterior other than the system to which access was permitted by the user authentication.

[Claim 8] An unlawful access prevention approach characterized by having: a 1st step which judges, about a terminal equipped with the function to receive user authentication required to access a network or the system on the network, the success or failure of the user authentication; a 2nd step which, when the user authentication is established about the terminal, saves (evacuates) the path information of a junction device that refers to path information based on a destination address and transfers data to the following node, and replaces it with 2nd path information which intercepts the path whose destination is the terminal for which the user authentication was established; and a 3rd step which, when the user authentication is canceled about the terminal, returns the 2nd path information to the original path information that was saved.

[Claim 9] The unlawful access prevention approach according to claim 8, characterized in that the 2nd path information is path information for intercepting the path whose destination is the terminal from an exterior other than the system to which access was permitted by the user authentication.

[Claim 10] An unlawful access prevention program for operating a computer as: a decision means which judges, about a terminal connected on a network, whether user authentication required to access the network or the system on the network has been established; and a control means which controls so as to intercept access from the outside to the terminal when the decision means judges that the user authentication has been established.

[Claim 11] An unlawful access prevention program for operating a computer as: a decision means which judges, when an access request has been sent from the exterior through a network to a terminal equipped with the function to receive user authentication required to access the network or the system on the network, whether the user authentication is established about the terminal; and a control means which controls so as not to output the response to the access request when the decision means judges that the user authentication is established.

[Claim 12] An unlawful access prevention program for operating a computer as: a decision means which judges, about a terminal equipped with the function to receive user authentication required to access a network or the system on the network, whether the user authentication has been established; a means which, when the decision means judges that the user authentication was established, saves (evacuates) the path information of a junction device that refers to path information based on a destination address and transfers data to the following node, and replaces it with 2nd path information which intercepts the path whose destination is the terminal for which the user authentication was established; and a means which, when the decision means judges that the user authentication was canceled, returns the 2nd path information to the original path information that was saved.

[Claim 13] A computer-readable record medium characterized by recording the program for operating a computer as each means according to any one of claims 10-12.



DETAILED DESCRIPTION 

[Detailed Description of the Invention] 
[0001] 

[Field of the Invention] This invention relates to an unlawful access arrester and approach, a program for unlawful access prevention, and a record medium. It is suitable for application to a terminal equipped with the function to receive user authentication required to access a network or the system on the network concerned, and to a junction device on a network equipped with the function which refers to path information based on a destination address, judges the following node to transmit to, and carries out data transfer.
[0002] 

[Description of the Prior Art] In recent years, information systems using networks such as the Internet and intranets have come into wide use. For such an information system, an important technical problem is how to prevent unauthorized entry by others, information leaks, alteration, interference with the operation of the information system itself, and the like. Several techniques exist as security systems for keeping an information system safe, and user authentication is one of them.

[0003] The typical user authentication technique is the password. That is, each user enters from a keyboard etc. the unique password assigned to him or her, and if the personal authentication system collates the password and confirms that it is right, the user becomes able to access the network or the system on the network concerned.

[0004] However, hacking techniques have improved in recent years and it is becoming easy to steal a password. Therefore, user authentication with a password could not, as a matter of fact, completely prevent unlawful access by others. So, recently, user authentication using an IC card, which is difficult to decode, is also increasingly used. However, even with an IC card, once the IC card itself was stolen there was a possibility of others impersonating the normal user and accessing unjustly.

[0005] Given this situation, the so-called biometric person authentication technique, which identifies an individual using a fingerprint, voice, a face, etc., has recently attracted particular attention and is being developed. Techniques combining this with an IC card are also being developed. For example, a user's fingerprint data are stored in an IC card; when using the network, the IC card is inserted in a terminal and collated with the user's own fingerprint data, and if they are right, access to the network etc. is permitted.
[0006] 

[Problem(s) to be Solved by the Invention] With the biometric person authentication technique described above, or the user authentication technique combining it with an IC card, the safety of an information system can be raised compared with using a conventional password or a conventional IC card alone. However, no matter how fully user authentication techniques are used, there was a problem that, when a terminal for which user authentication has been established is hacked, that terminal is made a steppingstone and unjust access by others is performed.

[0007] This is explained in detail using drawing 8. In the system shown in drawing 8, the 1st and 2nd terminals 101 and 102 and a personnel affairs and salary server 106 are connected through the network 110. The database 107 is connected to the personnel affairs and salary server 106 and stores various data about personnel affairs and salaries. These data also include personal information about individuals' school education, punishment, clinical records, health condition, salary, etc.

[0008] Personal authentication equipment 105 is installed between the 1st and 2nd terminals 101 and 102 and the personnel affairs and salary server 106. To avoid the inconvenience of the data on the database 107 being altered or personal information being stolen, personal authentication equipment 105 performs processing for user authentication so as to permit access to the personnel affairs and salary server 106 only to specific users.

[0009] The exclusive reader 103 of IC card 104 is connected to the 1st terminal 101. IC card 104 stores the authentication information (a user's status information, biometric information such as a fingerprint, etc.) about a user who has an access privilege to the personnel affairs and salary server 106.

[0010] When the user of the 1st terminal 101 accesses the personnel affairs and salary server 106 through the network 110, the user first inserts IC card 104 in the exclusive reader 103 and has the 1st terminal 101 read his or her authentication information. The 1st terminal 101 sends the read authentication information to personal authentication equipment 105. Personal authentication equipment 105 checks the authentication information sent from the 1st terminal 101 and, if it is right, permits access to the personnel affairs and salary server 106.

[0011] Thus, once user authentication is established for the 1st terminal 101, a path is formed from the 1st terminal 101 to the personnel affairs and salary server 106 through personal authentication equipment 105. In this condition, if the 1st terminal 101 is hacked from the 2nd terminal 102, the 1st terminal 101 is made a steppingstone, and the user of the 2nd terminal 102 becomes able to impersonate the user of the 1st terminal 101 and access the personnel affairs and salary server 106 unjustly.

[0012] Thus, the user authentication technique itself has been improved over time, and it is becoming difficult for anyone other than a normal user to receive user authentication. However, by hacking a terminal for which user authentication was established by the normal user, others can make that terminal a steppingstone and impersonate the normal user. Therefore, unlawful access by others to a network or the system on the network concerned could not be prevented completely.

[0013] This invention was made to solve such a problem. It aims at making it possible to effectively prevent unlawful access in which others make a steppingstone of a terminal for which user authentication was established and impersonate the normal user.
[0014] 

[Means for Solving the Problem] The unlawful access arrester of this invention is characterized by having: a decision means which judges, about a terminal connected on a network, whether user authentication required to access the network or the system on the network has been established; and a control means which controls so as to intercept access from the outside to the terminal when the decision means judges that the user authentication has been established.

[0015] In other modes of this invention, it is an unlawful access arrester applied to a terminal equipped with the function to receive user authentication required to access a network or the system on the network. It is characterized by having: a decision means which judges, when an access request has been sent to the terminal from the exterior through the network, whether the user authentication is established about the terminal; and a control means which controls so as not to output the response to the access request when the decision means judges that the user authentication is established.

[0016] In other modes of this invention, the control means is characterized by controlling so as not to output the response to the access request when, while the user authentication is established about the terminal, the access request has been sent to the terminal through the network from an exterior other than the system to which access was permitted by the user authentication.
[0017] In other modes of this invention, it is an unlawful access arrester applied to a junction device on a network, the junction device being equipped with the function which refers to path information based on a destination address, judges the following node to transmit to, and carries out data transfer. It is characterized by having: a decision means which judges, about a terminal equipped with the function to receive user authentication required to access the network or the system on the network, whether the user authentication was established; and a control means which, when the decision means judges that the user authentication was established, saves (evacuates) the path information and replaces it with 2nd path information which intercepts the path whose destination is the terminal for which the user authentication was established, and which, when the decision means judges that the user authentication was canceled, controls so as to return the 2nd path information to the original path information that was saved.

[0018] In other modes of this invention, the 2nd path information is characterized by being path information for intercepting the path whose destination is the terminal from an exterior other than the system to which access was permitted by the user authentication.

[0019] Moreover, the unlawful access prevention approach of this invention is characterized by having: a 1st step which judges, when an access request has been sent from the exterior through a network to a terminal equipped with the function to receive user authentication required to access the network or the system on the network, whether the user authentication is established about the terminal; and a 2nd step which controls so as not to output the response to the access request when it is judged that the user authentication is established about the terminal.

[0020] In other modes of this invention, the 2nd step is characterized by controlling so as not to output the response to the access request when, while the user authentication is established about the terminal, the access request has been sent to the terminal through the network from an exterior other than the system to which access was permitted by the user authentication.

[0021] Another mode of this invention is characterized by having: a 1st step
which judges the success or failure of the above-mentioned user authentication
about a terminal equipped with the function to receive user authentication
required to access the system on a network or the above-mentioned network; a
2nd step which, when the above-mentioned user authentication is materialized
about the above-mentioned terminal, evacuates the path information of the data
transfer junction device, which transfers data to the following node based on
a destination address, and replaces it with the 2nd path information which
intercepted the path which makes the destination the terminal with which the
above-mentioned user authentication was materialized; and a 3rd step which,
when the above-mentioned user authentication is canceled about the
above-mentioned terminal, returns the above 2nd path information to the
original path information that was evacuated.

[0022] In another mode of this invention, the above 2nd path information is
characterized by being path information for intercepting the paths which make
the above-mentioned terminal the destination from the exterior, other than
from the system to which access was permitted by the above-mentioned user
authentication.

[0023] Moreover, the unlawful access prevention program of this invention is
for operating a computer as a decision means which judges whether user
authentication required to access the system on the above-mentioned network or
the above-mentioned network has been materialized about the terminal connected
on the network, and as a control means which controls to intercept access from
the outside to the above-mentioned terminal when the above-mentioned decision
means judges that the above-mentioned user authentication has been
materialized.

[0024] Another mode of this invention is characterized by operating a computer
as a decision means which, when an access request has been sent from the
exterior through the above-mentioned network to a terminal equipped with the
function to receive user authentication required to access the system on a
network or the above-mentioned network, judges whether the above-mentioned user
authentication is materialized about the above-mentioned terminal, and as a
control means which controls not to output the response to the above-mentioned
access request when the above-mentioned decision means judges that the
above-mentioned user authentication is materialized.

[0025] Another mode of this invention is characterized by operating a computer
as: a decision means which judges whether the above-mentioned user
authentication has been materialized about a terminal equipped with the
function to receive user authentication required to access the system on a
network or the above-mentioned network; a means which, when the above-mentioned
decision means judges that the above-mentioned user authentication was
materialized, evacuates the path information of the data transfer junction
device, which transfers data to the following node based on a destination
address, and replaces it with the 2nd path information which intercepted the
path which makes the destination the terminal with which the above-mentioned
user authentication was materialized; and a means which, when the
above-mentioned decision means judges that the above-mentioned user
authentication was canceled, returns the above 2nd path information to the
original path information that was evacuated.

[0026] Moreover, the computer-readable record medium of this invention is
characterized by recording the program for operating a computer as each means
described in any one of claims 10-12.

[0027] 

[Embodiment of the Invention] (1st operation gestalt) The 1st operation gestalt
of this invention is explained below based on the drawings. Drawing 1 is a
drawing showing the configuration of the whole network system to which the
unlawful access arrester of this operation gestalt is applied.

[0028] In drawing 1, 1, 2, and 3 are terminals each consisting of a personal
computer etc., 9 is a file server, 10 is a mail server, 11 is a personnel
affairs and salary server, and 12 is an accounting and financial server. These
are connected so that they can communicate mutually through a network 20.

[0029] The file server 9 processes transfer and deletion of files, directory
operations, etc. The mail server 10, based on requests from terminals 1, 2,
and 3, transmits electronic mail, or keeps delivered electronic mail and hands
it over when there is an enquiry from terminals 1, 2, and 3. The personnel
affairs and salary server 11 performs various processing concerning personnel
affairs and salaries in a company. The accounting and financial server 12
performs various processing concerning accounting and financial affairs in a
company. In addition, since well-known servers can be used for these various
servers 9-12, detailed explanation of their processing is omitted here.

[0030] 8 is a router and is installed at a suitable location on the network 20.
Data transmitted on the network 20 from a certain computer are always sent to
the target computer via the router 8. This router 8 refers to the path
information (routing table) which the router 8 itself holds, judges the
following node to transmit to based on the destination IP address in the IP
header, and transmits the data.

[0031] 13 is personal authentication equipment and is installed between the 1st
to 3rd terminals 1-3 and the personnel affairs and salary server 11 and the
accounting and financial server 12. In order to permit access to the personnel
affairs and salary server 11 and the accounting and financial server 12 only to
specific users, the personal authentication equipment 13 performs processing
for user authentication based on the authentication information sent from the
1st and 2nd terminals 1 and 2.

[0032] The exclusive reader 4 of IC card 5 is connected to the 1st terminal 1.
The authentication information (the user's status information, or biometric
information such as a fingerprint) about the user who has an access privilege
to the personnel affairs and salary server 11 is stored in IC card 5. The user
of the 1st terminal 1 can access the file server 9 and the mail server 10
freely, and can also access the personnel affairs and salary server 11 by
receiving user authentication using IC card 5.

[0033] When the user of the 1st terminal 1 accesses the personnel affairs and
salary server 11, the user first inserts IC card 5 in the exclusive reader 4
and has the 1st terminal 1 read his or her authentication information. The 1st
terminal 1 sends the read authentication information to the personal
authentication equipment 13 through the router 8. The personal authentication
equipment 13 checks the authentication information sent from the 1st terminal
1 and, if it is correct, permits access to the personnel affairs and salary
server 11.

[0034] Moreover, the exclusive reader 6 of IC card 7 is connected to the 2nd
terminal 2. The authentication information (the user's status information, or
biometric information such as a fingerprint) about the user who has an access
privilege to the accounting and financial server 12 is stored in IC card 7. The
user of the 2nd terminal 2 can access the file server 9 and the mail server 10
freely, and can also access the accounting and financial server 12 by receiving
user authentication using IC card 7.

[0035] When the user of the 2nd terminal 2 accesses the accounting and
financial server 12, the user first inserts IC card 7 in the exclusive reader 6
and has the 2nd terminal 2 read his or her authentication information. The 2nd
terminal 2 sends the read authentication information to the personal
authentication equipment 13 through the router 8. The personal authentication
equipment 13 checks the authentication information sent from the 2nd terminal
2 and, if it is correct, permits access to the accounting and financial server
12.

[0036] The 3rd terminal 3 is not equipped with the function for receiving user
authentication. That is, the user of the 3rd terminal 3 does not have an access
privilege to the personnel affairs and salary server 11 or the accounting and
financial server 12, and can access only the file server 9 and the mail server
10.



[0037] In addition, although the exclusive readers 4 and 6 of IC cards 5 and 7
are provided here externally to the 1st and 2nd terminals 1 and 2, the 1st and
2nd terminals 1 and 2 themselves may be equipped with the function of reading
IC cards 5 and 7. Moreover, although IC cards 5 and 7 are used here in order to
receive user authentication, this invention does not particularly limit the
approach of user authentication. For example, other user authentication
techniques, such as a password, may be used.

[0038] Moreover, although the personnel affairs and salary server 11 and the
accounting and financial server 12 are the ones that need user authentication
for access here, this is not limited to these servers. For example, user
authentication by the personal authentication equipment 13 may also be made the
prerequisite of access for other servers which are not illustrated, the file
server 9, the mail server 10, or a host computer which is not illustrated.

[0039] Drawing 2 is the block diagram showing an example of the functional
configuration of the 1st terminal 1. Since the 2nd terminal 2 is constituted
like the 1st terminal 1, its illustration is omitted here. In drawing 2, 21 is
the communications department, which performs processing for transmission and
reception of data through the network 20. 22 is the authentication processing
section, which works together with the personal authentication equipment 13 and
performs processing for user authentication.

[0040] The above-mentioned authentication processing section 22 takes in the
authentication information in IC card 5 read by the exclusive reader 4, and has
the function of transmitting it to the personal authentication equipment 13
through the communications department 21. It also has the function of taking in
and holding the authentication authorization information sent from the personal
authentication equipment 13 through the communications department 21. Only
while the authentication processing section 22 holds authentication
authorization information is it possible to access the personnel affairs and
salary server 11.

[0041] 23 is the decision section. When an access request has been sent to the
communications department 21 through the network 20 from the exterior, it
judges whether user authentication is materialized about the 1st terminal 1 by
checking whether authentication authorization information is held by the
authentication processing section 22.

[0042] In addition, although authentication authorization information is held
in the authentication processing section 22 here and the success or failure of
user authentication is judged by the existence of that information, this
invention is not limited to this example. For example, when an access request
has been sent from the exterior, the terminal may ask the personal
authentication equipment 13 about the success or failure of user authentication
through the communications department 21. In this case, the personal
authentication equipment 13 holds the authentication authorization information.

[0043] 24 is a control section. When an access request has been sent to the 1st
terminal 1 through the network 20 from the exterior while user authentication
is materialized about the 1st terminal 1, it controls the communications
department 21 not to output the response to the access request. On the other
hand, when user authentication is not materialized about the 1st terminal 1, it
controls so that a response to the access request from the outside is output as
usual.

[0044] The unlawful access arrester 25 of this operation gestalt is constituted
by the above-mentioned decision section 23 and control section 24. This
unlawful access arrester 25 actually consists of the CPU, MPU, RAM, ROM, etc.
of the 1st terminal 1, and the functional configuration of the decision section
23 and the control section 24 mentioned above is realized when the program
memorized in RAM and ROM operates.

[0045] Therefore, this can be realized by recording a program which operates
the 1st terminal 1 so as to achieve the functions of the above-mentioned
decision section 23 and control section 24 on a record medium such as a CD-ROM,
and having a computer read it. As a record medium which records the
above-mentioned program, a floppy (trademark) disk, a hard disk, a magnetic
tape, an optical disk, a magneto-optic disk, a DVD, a non-volatile memory card,
etc. can be used in addition to a CD-ROM. Moreover, the above-mentioned program
may be downloaded from other computers through the network 20.

[0046] Moreover, the functions of the decision section 23 and the control
section 24 are not only realized by the 1st terminal 1 executing the supplied
program. The program is also included in the operation gestalt of this
invention when the above-mentioned functions are realized in collaboration with
the OS (operating system) or other application software etc. running on the 1st
terminal 1, and when all or a part of the processing of the supplied program is
performed by a functional add-in board or functional expansion unit of the 1st
terminal 1 and the above-mentioned functions are thereby realized.

[0047] Drawing 3 is a drawing showing a general communications protocol. When
transmitting data from a transmitting side to a receiving side, the signal
START, which announces the start of data transmission, is first sent from the
transmitting side to the receiving side. When a reply signal Ack is returned
from the receiving side to the transmitting side in response, the data Data are
sent from the transmitting side to the receiving side. At the end of data
transmission, the signal END, which announces that data transmission was
completed, is sent from the transmitting side to the receiving side. The series
of data communication is completed when a reply signal Ack is returned from the
receiving side to the transmitting side in response.



[0048] In such a communications protocol, the control section 24 controls not
to return the reply signal Ack when the data transmitting start signal START,
which is an access request, has been sent from the outside while user
authentication is materialized about the 1st terminal 1. By doing so, the 1st
terminal 1 can be made to appear to the access request origin as if it does not
exist on the network 20.

[0049] Usually, hacking of the 1st terminal 1 with which user authentication is
materialized is performed by sending temporary data to the 1st terminal 1 from
the exterior and checking where the 1st terminal 1 exists on the network 20.
However, according to this operation gestalt, since the 1st terminal 1 does not
return a response to an access request from the outside while user
authentication is materialized, the existence of the 1st terminal 1 cannot be
known from the exterior, and it becomes entirely impossible to access the 1st
terminal 1.

[0050] Therefore, it becomes completely impossible, for example, to hack from
the 3rd terminal 3 the 1st terminal 1 with which user authentication was
materialized, and unlawful access to the personnel affairs and salary server 11
by another person who makes the 1st terminal 1 a steppingstone and impersonates
the user of the 1st terminal 1 can be prevented effectively. Similarly, it also
becomes impossible to hack the 2nd terminal 2 with which user authentication
was materialized, and unlawful access to the accounting and financial server 12
which makes the 2nd terminal 2 a steppingstone can also be prevented
effectively.

[0051] In the above example, while user authentication is materialized about
the 1st terminal 1, for example, it is possible to access the personnel affairs
and salary server 11 from the 1st terminal 1, but conversely it becomes
impossible to access the 1st terminal 1 from the personnel affairs and salary
server 11. However, there is also a demand for printing in which, for example,
a timer is set for nighttime, and the personnel affairs and salary server 11
starts up and sends desired data to the 1st terminal 1.

[0052] To meet such a demand, it is also possible, even while user
authentication is materialized about the 1st terminal 1, to permit access (that
is, to return a reply signal Ack) only from the personnel affairs and salary
server 11 to which access was permitted by user authentication. That is, the
control section 24 in this case controls not to output the response to an
access request when the access request has been sent to the 1st terminal 1
through the network 20 from a computer other than the personnel affairs and
salary server 11.

[0053] Drawing 4 is a flow chart which shows the operation of the unlawful
access arrester 25 with which the 1st terminal 1 is equipped in this case. In
drawing 4, the control section 24 monitors whether the communications
department 21 has received the data transmitting start signal START from the
exterior (step S1), and when it has been received, judges using the decision
section 23 whether user authentication is currently materialized about the 1st
terminal 1 (step S2).

[0054] When user authentication is not currently materialized, even if the 1st
terminal 1 is hacked, it is impossible to make the 1st terminal 1 a
steppingstone and access the personnel affairs and salary server 11, so the
control section 24 controls the communications department 21 to return a reply
signal Ack as usual (step S5). This makes it possible to access the 1st
terminal 1 freely from the outside.

[0055] On the other hand, when user authentication is currently materialized,
the control section 24 judges whether the access request origin (the origin of
the data transmitting start signal START) is the personnel affairs and salary
server 11 (step S3). When user authentication is performed using IC card 5 as
in this operation gestalt, the IP address of the personnel affairs and salary
server 11 is also stored when the authentication information is set in the IC
card 5. Therefore, whether the access request origin is the personnel affairs
and salary server 11 can be judged by checking whether the IP address read from
IC card 5 and the IP address sent with the data transmitting start signal START
are in agreement.

[0056] When the access request origin is not the personnel affairs and salary
server 11, the control section 24 controls the communications department 21 not
to return a reply signal Ack to the data transmitting start signal START (step
S4). Thereby, the 1st terminal 1 is made not to appear from the outside, and
unlawful access to the personnel affairs and salary server 11 which makes the
1st terminal 1 a steppingstone is prevented.

[0057] Moreover, when the access request origin is the personnel affairs and
salary server 11, the control section 24 controls the communications department
21 to return a reply signal Ack to the data transmitting start signal START
(step S5). This makes it possible for the personnel affairs and salary server
11 to access the 1st terminal 1 freely.
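
The decision flow of drawing 4 (steps S1 to S5) combined with the START/Ack/Data/END exchange of drawing 3, as an added Python model that is not part of the patent text. The class and function names, the documentation-range IP addresses, and the handling of Data/END outside an acknowledged transfer and of transfers still open at card insertion are assumptions of this example.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Constructed sample addresses (RFC 5737 documentation range), not from the patent.
HR_SERVER_11 = "192.0.2.11"   # personnel affairs and salary server 11
TERMINAL_3 = "192.0.2.3"      # 3rd terminal 3 (no authentication function)


@dataclass(frozen=True)
class ICCard:
    auth_info: str
    server_ip: str   # [0055]: the card also holds the permitted server's IP address


@dataclass
class Terminal:
    """1st terminal 1: decision section 23 plus control section 24."""
    allow_permitted_server: bool = True              # the [0052] variant
    card: Optional[ICCard] = None                    # authorization held while set
    sessions: Set[str] = field(default_factory=set)  # sources whose START got an Ack
    inbox: List[str] = field(default_factory=list)

    def insert_card(self, card: ICCard) -> None:
        self.card = card
        # Assumption: transfers already open when authentication is materialized
        # are dropped unless they come from the permitted server.
        self.sessions = {s for s in self.sessions if self._permitted(s)}

    def remove_card(self) -> None:
        self.card = None

    def _permitted(self, src_ip: str) -> bool:
        return (self.allow_permitted_server and self.card is not None
                and src_ip == self.card.server_ip)

    def receive(self, src_ip: str, signal: str, payload: str = "") -> Optional[str]:
        """Return the reply signal, or None when no response is output."""
        if signal == "START":                                           # step S1
            if self.card is not None and not self._permitted(src_ip):   # steps S2, S3
                return None                                             # step S4
            self.sessions.add(src_ip)
            return "Ack"                                                # step S5
        # Assumption: Data and END count only inside an acknowledged transfer.
        if src_ip not in self.sessions:
            return None
        if signal == "DATA":
            self.inbox.append(payload)
            return None              # Data has no reply signal in drawing 3
        if signal == "END":
            self.sessions.discard(src_ip)
            return "Ack"
        return None


def transfer(terminal: Terminal, src_ip: str, payload: str) -> str:
    """Sender side of drawing 3: START, Ack, Data, END, Ack."""
    if terminal.receive(src_ip, "START") != "Ack":
        return "no response"   # the sender cannot tell this from an absent host
    terminal.receive(src_ip, "DATA", payload)
    if terminal.receive(src_ip, "END") == "Ack":
        return "delivered"
    return "incomplete"
```

The step S3 comparison relies on the source address that arrives with START, so the exception for the permitted server is only as trustworthy as that address.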

[0058] As explained in detail above, in the 1st operation gestalt, access from
the outside to the 1st and 2nd terminals 1 and 2 is controlled to be
intercepted while user authentication is materialized about these terminals, so
hacking of the 1st and 2nd terminals 1 and 2 can be avoided. This effectively
prevents another person from making the 1st and 2nd terminals 1 and 2 a
steppingstone, passing the personal authentication equipment 13, and unjustly
accessing the personnel affairs and salary server 11, the accounting and
financial server 12, etc.

[0059] (2nd operation gestalt) Next, the 2nd operation gestalt of this
invention is explained based on the drawings. The configuration of the whole
network system to which the unlawful access arrester of the 2nd operation
gestalt is applied is the same as that of drawing 1. However, the 1st and 2nd
terminals 1 and 2 are not equipped with the functional configuration of the
unlawful access arrester 25 shown in drawing 2. In this operation gestalt, the
unlawful access arrester is provided in the router 8.

[0060] Drawing 5 is the block diagram showing an example of the functional
configuration of the router 8. In drawing 5, 31 is the communications
department, which performs processing for data transfer through the network 20.
That is, with reference to the path information (routing table) held in the
path information memory 35, it judges the following node to transmit to based
on the destination IP address in the IP header of the data sent through the
network 20, and transmits the data.

[0061] 32 is the decision section, which judges the success or failure of the
user authentication about the 1st terminal 1 and the 2nd terminal 2. When the
1st and 2nd terminals 1 and 2 receive user authentication, the data required
for user authentication are exchanged between these terminals 1 and 2 and the
personal authentication equipment 13 via the router 8. Therefore, by monitoring
the data exchanged through the communications department 31 of the router 8
when user authentication is performed, the decision section 32 can check that
user authentication was materialized or that user authentication was canceled
after that.

[0062] In addition, the technique of judging the success or failure of the user
authentication about the 1st and 2nd terminals 1 and 2 is not limited to this.
For example, when user authentication is materialized or canceled at the 1st
and 2nd terminals 1 and 2, the 1st and 2nd terminals 1 and 2 may explicitly
notify the router 8 of that fact.

[0063] 33 is a control section. When the decision section 32 judges that user
authentication was materialized about the 1st terminal 1 or the 2nd terminal 2,
it evacuates the path information in the path information memory 35 to the
evacuation memory 36, and replaces the contents of the path information memory
35 with the 2nd path information, which intercepted the path which makes the
destination the terminal with which user authentication was materialized.
Moreover, when it is judged that user authentication was canceled, it controls
to return the original path information evacuated to the evacuation memory 36
to the path information memory 35.

[0064] The unlawful access arrester 34 of this operation gestalt is constituted
by the above-mentioned decision section 32 and control section 33. This
unlawful access arrester 34 actually consists of the CPU, MPU, RAM, ROM, etc.
of the router 8, and the functional configuration of the decision section 32
and the control section 33 mentioned above is realized when the program
memorized in RAM and ROM operates.



[0065] Drawing 6 is a drawing showing an example of replacement of path
information. Drawing 6 (a) shows, as an image, the path information (routing
table) originally memorized in the path information memory 35. An O mark in the
table shows that a path exists. Usually, all the paths for each node connected
on the network 20 are O marks.

[0066] In addition, the entries written as "IC", for the path from the 1st
terminal 1 to the personnel affairs and salary server 11 and the path from the
2nd terminal 2 to the accounting and financial server 12, show that these are
paths to which access is permitted when user authentication is received using
IC cards 5 and 7. Moreover, although the paths from other nodes to the
personnel affairs and salary server 11 or the accounting and financial server
12 are also O marks, this only shows that such a path exists, and does not mean
that access is permitted.

[0067] For example, suppose that user authentication was materialized about the
1st terminal 1. In this case, the path information of the part in which the 1st
terminal 1 is the receiving side is replaced as in drawing 6 (b). An x mark in
drawing 6 (b) means that such a path does not exist. This replacement is
equivalent to canceling all the path information from other nodes to the 1st
terminal 1. When carrying out this replacement, the path information before
replacement is evacuated to the evacuation memory 36 so that the original path
information can be restored later.

[0068] Then, if IC card 5 is removed from the 1st terminal 1 and user
authentication is canceled, the condition of drawing 6 (a) is restored by
returning the original path information evacuated to the evacuation memory 36
to the path information memory 35. In addition, the path information evacuated
to the evacuation memory 36 at the time of formation of user authentication may
be all the path information shown in drawing 6 (a), or may be only the parts to
be replaced.

[0069] Thus, while user authentication is materialized about the 1st terminal
1, by masking the path information of the paths from other nodes to the 1st
terminal 1, the 1st terminal 1 can be made to appear to the access request
origin as if it does not exist on the network 20. Access to the 1st terminal 1
always goes via the router 8, but since the path information in the router 8 is
replaced at the time of formation of user authentication, the existence of the
1st terminal 1 cannot be known from the exterior, and it becomes entirely
impossible to access the 1st terminal 1.

[0070] Therefore, it becomes completely impossible, for example, to hack from
the 3rd terminal 3 the 1st terminal 1 with which user authentication was
materialized, and unlawful access to the personnel affairs and salary server 11
by another person who makes the 1st terminal 1 a steppingstone and impersonates
the user of the 1st terminal 1 can be prevented effectively. Similarly, it also
becomes impossible to hack the 2nd terminal 2 with which user authentication
was materialized, and unlawful access to the accounting and financial server 12
which makes the 2nd terminal 2 a steppingstone can also be prevented
effectively.

[0071] In addition, in the 2nd operation gestalt as well, even while user
authentication is materialized about the 1st terminal 1, for example, it is
possible to permit access only from the personnel affairs and salary server 11
to which access was permitted by user authentication (that is, not to mask the
path information of the path from the personnel affairs and salary server 11 to
the 1st terminal 1). That is, the 2nd entry from the bottom in the example of
drawing 6 (b) is made an O mark.

[0072] Drawing 7 is a flow chart which shows the operation of the unlawful
access arrester 34 of the 2nd operation gestalt. In drawing 7, the control
section 33 in the router 8 monitors the success or failure of user
authentication (formation and cancellation of user authentication) about the
1st terminal 1 and the 2nd terminal 2 using the decision section 32 (step S11).

[0073] When user authentication is materialized for neither the 1st terminal 1
nor the 2nd terminal 2, even if these terminals 1 and 2 are hacked, it is
impossible to make the terminals 1 and 2 a steppingstone and access the
personnel affairs and salary server 11 or the accounting and financial server
12, so the usual path information is kept as it is in the path information
memory 35, and monitoring of the success or failure of user authentication
continues. In this state it is possible to access the 1st terminal 1 and the
2nd terminal 2 freely from the outside.

[0074] When the success or failure of user authentication changes about the 1st
terminal 1 or the 2nd terminal 2, it is judged whether the change is formation
of user authentication (step S12). When user authentication is materialized for
the 1st terminal 1 or the 2nd terminal 2, the path information about the
terminal with which the user authentication was materialized is evacuated from
the path information memory 35 to the evacuation memory 36, and the contents of
the path information memory 35 are replaced with the 2nd path information, in
which the paths to that terminal are masked (step S13).

[0075] On the other hand, when user authentication is canceled about the 1st
terminal 1 or the 2nd terminal 2, the path information about the terminal of
which the user authentication was canceled is restored to the path information
memory 35 from the evacuation memory 36 (step S14). After the processing of the
above-mentioned step S13 or step S14, the flow returns to step S11 and
monitoring of the success or failure of user authentication continues.
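
The evacuate, replace and restore cycle of drawing 7 (steps S11 to S14), including the [0071] exception for the permitted server, as an added Python model that is not part of the patent text. The node labels, the (source, destination) table layout and the guard against a repeated formation event are assumptions of this example; only the replaced entries are evacuated, which [0068] allows.

```python
from typing import Dict, Optional, Tuple

Route = Tuple[str, str]   # (source node, destination node)

# Constructed labels for the nodes of drawing 1.
NODES = ["terminal1", "terminal2", "terminal3",
         "file9", "mail10", "hr11", "acct12"]


class Router:
    """Router 8 with path information memory 35 and evacuation memory 36."""

    def __init__(self, nodes):
        # Drawing 6 (a): every path exists (True = O mark, False = x mark).
        self.path_info: Dict[Route, bool] = {
            (s, d): True for s in nodes for d in nodes if s != d}
        self.evacuation: Dict[str, Dict[Route, bool]] = {}

    def on_auth_change(self, terminal: str, established: bool,
                       permitted_server: Optional[str] = None) -> None:
        """Control section 33, called when decision section 32 sees a change (S11)."""
        if established:                               # step S12: formation?
            self._mask(terminal, permitted_server)    # step S13
        else:
            self._restore(terminal)                   # step S14

    def _mask(self, terminal: str, permitted_server: Optional[str]) -> None:
        if terminal in self.evacuation:
            # Assumption: a repeated formation event is ignored. Evacuating again
            # would overwrite the saved originals with the x marks.
            return
        saved = {r: v for r, v in self.path_info.items() if r[1] == terminal}
        self.evacuation[terminal] = saved
        for (src, dst), original in saved.items():
            # [0071]: the path from the permitted server keeps its original mark.
            self.path_info[(src, dst)] = (
                original if src == permitted_server else False)

    def _restore(self, terminal: str) -> None:
        saved = self.evacuation.pop(terminal, None)
        if saved is not None:
            self.path_info.update(saved)

    def forward(self, src: str, dst: str) -> bool:
        """Communications department 31: does a path from src to dst exist?"""
        return self.path_info.get((src, dst), False)
```

Because only the entries for the authenticated terminal are evacuated, restoring terminal 1 leaves terminal 2's mask in place; evacuating the whole table, which [0068] also allows, needs extra care when both terminals are authenticated at once. In this model a masked terminal also stops receiving traffic from nodes such as the file server 9, since those paths have the same destination.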

[0076] As explained in detail above, in the 2nd operation gestalt as well,
access from the outside to the 1st and 2nd terminals 1 and 2 is controlled to
be intercepted while user authentication is materialized about these terminals,
so hacking of the 1st and 2nd terminals 1 and 2 can be avoided. This
effectively prevents another person from making the 1st and 2nd terminals 1 and
2 a steppingstone, passing the personal authentication equipment 13, and
unjustly accessing the personnel affairs and salary server 11, the accounting
and financial server 12, etc.

[0077] In addition, each of the operation gestalten explained above merely
shows an example of embodiment in carrying out this invention, and the
technical range of this invention must not be interpreted restrictively by
them. That is, this invention can be carried out in various forms without
deviating from its spirit or its main features. For example, the 1st operation
gestalt and the 2nd operation gestalt may be applied in combination.
[0078]

[Effect of the Invention] As mentioned above, since this invention controls to
intercept access from the outside to a terminal connected on the network while
user authentication is materialized about that terminal, hacking of the
terminal with which user authentication was materialized can be avoided. This
effectively prevents another person from making the terminal with which user
authentication was materialized a steppingstone, impersonating a normal user,
and unjustly accessing the target network and target system.



DESCRIPTION OF DRAWINGS
[Brief Description of the Drawings]

[Drawing 1] It is drawing showing the configuration of the whole network system
which applied the unlawful access arrester by the 1st and 2nd operation
gestalten.

[Drawing 2] It is the block diagram showing the example of a functional
configuration of the 1st terminal by the 1st operation gestalt.

[Drawing 3] It is drawing showing a general communications protocol.

[Drawing 4] It is the flow chart which shows actuation of the unlawful access
arrester with which the 1st terminal by the 1st operation gestalt is equipped.

[Drawing 5] It is the block diagram showing the example of a functional
configuration of the router by the 2nd operation gestalt.

[Drawing 6] It is drawing showing the example of replacement of path
information.

[Drawing 7] It is the flow chart which shows actuation of the unlawful access
arrester with which the router by the 2nd operation gestalt is equipped.

[Drawing 8] It is drawing showing the configuration of the conventional whole
network system.

[Description of Notations] 

1, 2, 3 Terminal (personal computer) 

4, 6 Exclusive reader

5, 7 IC card

8 Router

9 File Server

10 Mail Server

11 Personnel Affairs and Salary Server

12 Accounting and Financial Server 

13 Personal Authentication Equipment 

21 Communications Department 

22 Authentication Processing Section 

23 Decision Section 

24 Control Section 

25 Unlawful Access Arrester 

31 Communications Department 

32 Decision Section 



33 Control Section 

34 Unlawful Access Arrester 

35 Path Information Memory 

36 Evacuation Memory 



